‘SOC’ is the acronym for ‘Security Operations Center’. The 2018 Verizon DBIR (Data Breach Investigations Report) states that there were 53,308 security incidents and 2,216 data breaches in the year 2018. It also states that 68% of the breaches took months or longer to discover! Isn’t it amazing – there is a breach in your organization and you have no idea about it until a customer or a third party lets you know! That is probably the sad truth in the industry!!
SOC:
Keeping that in mind, the SOC is a team formed with the sole purpose of monitoring and analyzing the security of an organization. As with other things in security, a SOC team must be formed only after formal assent from senior management. For any security program to be successful, the senior management of an organization must always be in tune with the goals of the information security team.
Since security is mostly a reactive practice in most organizations, the SOC team is trained to detect security incidents within the organization and to hand control over to the ‘incident response team’ when an incident occurs.
The SOC team consists of security engineers, SOC managers and security analysts, along with other security professionals. A SOC team should reduce the time needed to respond to a cyber attack, since a team is always on hand to detect attacks as early as possible.
The SOC team must be up 24 hours a day, 7 days a week, 365 days a year! There might never be a dull moment in the SOC. The day may start out calm, and before long alarm bells might be ringing as a security incident is detected. The SOC infrastructure is built on defensive security mechanisms such as firewalls, IDS/IPS, breach detection solutions and more.
Responsibilities of a SOC:
A professional in the SOC team is expected to be able to perform these tasks:
- network analysis
- IDS monitoring and analysis
- malware analysis and forensics
The SOC team should also keep up with the emerging trends and threats in the cyber security landscape.
What are the skills to be a member of the SOC team?
You may need to have:
- a Computer Science degree
- 1-3 years of work experience related to SQL, TCP/IP, IDS/IPS, C, C++, Java, PHP and operating systems (such as Linux, Unix, Windows)
- Certifications such as GIAC, CISSP, CEH
These are some of the skills suggested for becoming a member of a SOC. There are other ways in if you have the passion for joining a very happening team in the InfoSec domain!!
This post is for alphabet ‘S’ for #Blogchatter challenge. The previous post can be found here.
Quite an informative article!
Thank you, Aditi! 🙂
Security breaches are such an area of concern these days. This was quite an informative and helpful post.
Thanks Sonia! 🙂